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(57) Abstract 

A software regulation system for regulating the use of a software program in a host digital data processing (compu- 
ter) system. The software regulation system includes one or more checkpoint routines processed by the software program 
and a software regulation device, which may be part of the computer system or connected externally thereto. The check- 
point routines generate random checkpoint messages, which are enciphered and transmitted to the software regulation de- 
vice The software regulation device deciphers the checkpoint message, performs a processing operation to generate a re- 
sponse message, enciphers the response and sends the enciphered response to the checkpoint routine. The checkpoint 
routine then determines whether the enciphered response is correct and either allows the software program to proceed or 
terminates it. 
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APPARATUS AND METHOD FOR REGULATING 
THE USE OF PROPRIETARY COMPUTER SOFTWARE 



BACKGROUND OF THE INVENTION 



1. Field of the Invention 

The invention relates generally to the field of digital 
data processing (that is, computer) systems, and more . 
specifically to systems for regulating the use of computer 
programs which run in digital data processing systems. The 
invention provides a system that regulates use of a computer 
program by means of a new regulation device, the regulated 
program communicating with the regulation device to 
determine that the program is authorized for use on the 
specific digital data processing system including the 
regulation device . 

2. Description of the Prior Art 

The cost of making a copy of a software program is very 
small in comparison to the cost of creating the original 
program, testing it and bringing it to market. For example, 
a large and complex program, which was developed and tested 
at great cost, can be copied onto an inexpensive floppy disk 
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« a few minutes using relatively inexpensive ^ 
as. a personal computer, m this respect, software is 
different from most other products, which require 

significant expenditures for the revere ™- 

tne reverse engineering and 

fabrication equipment required to copy them. 

Furthermore, software programs" can be transported 
rapidly and inexpensively. For example , . program ^ ^ . 
transmitted over a telephone line or distributed across the 
nation by a single satellite broadcast. 

The ease with which software programs can be copied and 
transported contributes to the growth and prosperity of the 
computer industry; however, it also facilitates the 

unauthorized copyino dicfr^.,^ 

u FY ing, distribution and use, that is 

"piracy", o« software p „ grams . In fact> piracy „ f 
occurs on a la r g e scale and is . major probUn ^ ^ 
develop and sell software. 

Three principal methods have been used to curb piracy 
namely, l egal protection, copy protection, and US a 9 e 
reflation. t e ga l protection is based on patents and 
copyri g hts. with the ri 9 „t to use a pro 9 ra„ based on a 
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license to the user. Licenses are most effective in 
situations in which the customer and the software publisher 
or distributor are in close contact. In mass market 
distribution of programs, that situation is less common that 
it once was. 

Copy protection is based on technical tricks that >; 
prevent the customer from copying a software program from 
the disk on which it was delivered. Generally, copying was 
accomplished by means of various utilities in the operating 
system of the computer, and copy protection relied on the 
use of information in disk sectors that could not be 
obtained by the operating system but could be obtained by 
the program. If a copy was made using the operating system 
copy utilities, those disk sectors would not be copied and, 
when the software program looked for information in those 
sectors but did find it, the program terminated. Copy 
protection was successful for a time, but it imposed serious 
inconvenience on the customer and can now be defeated easily 
by special copying utilities and other programs. 

Usage regulation depends on the use of a physically and 
logically secure electronic device that must be connected to 
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a computer before that computer runs the protected software 
The software program performs instructions that test for the 
presence of the relation device, and stops running if the 
device is not present. 



Relation devices currently in „ se have significant 
disadvantages. The typical regulation device depends on 
trade secrets that can be discerned relatively easily, one. 
those trade secrets are known, the device can be replaced by 
an inexpensive counterfeit device. Using a copy of the 
software and a counterfeit regulation device, any person can 
have the ful! benefit of the "protected" software program 
without purchasing the software. 



e 



Furthermore, if multiple programs are to be regulated 
by the same regulation device, every program deveioper 
wishing to use the device would have to know the details of 
how to use the device. That would reouire providing all of 
them with the details of operation of the device, which 
would include the trade secrets. Increasing the number of 
people who are aware of the trade secrets of the device 
increases the likelihood that the secrets of operation of 
the device would leak out. 



WO 88/05941 




PCT/US88/00271 



-5- 

In addition, since existing devices are relative 
simple, they can be defeated by systematic analysis, 
without the benefit of a trade secret leak. Thus cur 
software regulation devices are effective only in cer 
situations and for a limited time. 

Also, in some systems such as disclosed in U.S. 
No. 4,458,315 issued to G. Uchenick on July. 3 , 1984, 
software program does little more than detect the pre 
of the regulation device using a simple, easily-defea 
message . 

SUMMARY OF THE INVENTION 

In brief summary, the invention described here is a new 
and improved system for regulating use of a proprietary 
software program including a software regulation device that 
is connected to a host computer running the software program 
to be regulated, in which the software program and software 
regulation device communicate so that the software program 
can verify that it is running on a computer that is 
authorized to run the-software program. 
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The software program includes "checkpoint routines" 

that generate and transmit brief messages for transmission 

to the software regulation device over the connection 

between the host computer and the device, and which -receives 

and interprets responses from the device. This exchange Vs 

a "checkpoint protocol" and has two forms, direct and 
indirect. 

The checkpoint protocols effectively oppose attests by 
an opponent, that is, one attempting to manufacture 
counterfeit copies of the software relation device and 
distribute the* with unauthorised copies of the software 
program, to create a counterfeit software relation device. 
I" a typical embodiment of the system, more than four 
billion different messages are possible, and they are used 
'° a " "■**•«<*•«*• »rd,r. Furthermore, both the challenge 
and the response are enciphered using fuily secure 
cryptographic methods. 

The software regulation system uses a different 
cryptographic Key for each protected software program. This 
key must be t e P t secret, but .11 other aspects of the design 
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and operation of the software regulation device can be 
disclosed without weakening the protection given to the 
software program. 

BRIEF DESCRIPTION OF THE DRAWINGS 

This invention is pointed out with particularity in the 
appended claims. The above and further advantages of this, 
invention may be better understood by referring to the 
following description taken in conjunction with the 
accompanying drawings, in which: 

FIG. 1 is general block diagram of a software 
regulation system constructed in accordance with the 
invention. 

FIGS. 2A, 2B, 2C, and 2D are diagrams of the messages 
used in the software regulation system depicted in Fig. 1. 

FIGS. 3 and 4 are flow charts depicting the two 
checkpoint routines, termed "direct" and "indirect" 
respectively, which are in a protected software program. 
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KG. 5 is a £low chart depicting the operations in the 
software regulation device. 

DE *™TPT IOM n, .. t t t f " TRATIVK P M 

no- 1 depicts one embodiment of a digital data 
Processing system that includes the inventive software 
relation svstem. „ ith reference to FIG. 1. the software 
regulation system includes a software regulation device 1 
that is connected to a host computer 3 that is running a 
software program z „ no5 e use is regulated as described 
below, 

The connection between tho 

een the hos t computer 3 and the 

software regulation device X is effected bv means of a cable 

over which pass serial sign.is conforming to the RS232 
standard. The cable Us connected to a conventional serial 
Port on the host computer 3 and a serial port on the 
software reguiation device 1. It vlll be appceciatedj 
however, that the mechanism for communication between the 
software regulation device l »„j »■. .. ' 

Ce 1 and the "ost computer 3 is not 
limited to the serial connection depicted in ,i B . l. W 
communications mechanism suitable for transmitting at'lea'st 
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short messages, each composed of several bytes of 
information, is suitable for use with the invention. 

The software regulation device 1 includes a 

microcomputer integrated circuit 6 which exchanges messages 

with the software program 2 through cable 4 and serial 

* 

interface circuitry 5. In one specific embodiment, the >f 
microcomputer 6 is an Intel 8751 microcomputer, a member of 
the Intel MCS-51 family of microcontrollers manufactured by 
Intel Corporation. The Intel 8751 microcomputer is a single 
chip device, which has an on-chip read-only program memory, 
a read/write data memory, a CPU, and a serial port, and can 
execute a program contained within its program memory 
without requiring any references to an external memory, all 
of which assist in maintaining the security of the program 
run by the microcomputer. > 

In its memory, the microcomputer integrated circuit 6 
contains a product registration that is associated with the 
program 2 running in the host computer 3. The product 
registration consists of at least a product number, a 
product key, and may also include other information about 
the use and status of the protected software program. -In- 
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the illustrative e^bodixnent, only one registration U 



present. 



in one embodiment, the product number comprises four 
bytes of data and the product key comprises eight bytes of 
data, m that embodiment, both the product number and the 
product key are stored in the read-only program memory of 
the microcomputer 6. In oth er embodiments of the invention, 
the product number and product key may be of diverse 
lengths, and may be stored in the read/write data memory of 
the microcomputer integrated circuit or in a combination of 
data memory and program memory. A piurality of software 
Programs may be accomodated by a single software regulation 
device 1 by storing a piurality of product registrations in 
its memory* 

An important feature of the microconputer 6 is its 
integrity, specifically, it must effectively resist attempts 
by an opponent to examine or modify the product key. The 
Intel 8751 microcomputer is particularly suitable for use in 
the software regulation device because it permits the 
Program memory to be nocked" so that it cannot be examined 
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or modified by users outside the chip without first erasing 
its contents. 

As noted above, in the software regulation system 
depicted in FIG. 1, regulation is effected by means of an 
exchange of messages over cable 4 between the software 
regulation device 1 and the software program 2 running on 
the host computer 3. The structure of various messages is 
shown in FIGs. 2A through 2D. 

FIG. 2A shows the structure of the message, termed 
herein a "challenge" message, which is first generated by a 
checkpoint routine in the software program 2. The challenge 
message consists of a four-byte padding field 11 and a four- 
byte random number field 12. The padding field 11 need not 
change from one execution of the checkpoint routine to the 
next, and its value is not significant; for example, the 
padding field could contain the ASCII codes for the four 
letters "ABCD" . The random number field 12 is a random 
number or a pseudo-random number that is almost always 
different from one execution of a checkpoint routine to the 
next. 
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Following generation of the challenge message, and 

prior to transmission by the checkpoint routine, the 

challenge message is enciphered. FIG. 2B shows the 

structure of the enciphered challenge message, which is an 

eight-byte message that is sent by the software program 

through the serial port of the host computer to the software 

regulation device. The challenge message is enciphered 
using a key that is specif . c fco fche sQftware ^^^^ 

is described below as a direct checkpoint (see FIG. 3). 

Alternatively, the challenge message may be enciphered 
using a- key that is specific to a specific checkpoint. This 
is described below as an indirect checkpoint routine (see 
FIG. 4). a software program may have several checkpoint 
routines, each having a different key. • 

The enciphered challenge message is transmitted to the 
software regulation device 1. The software regulation 
device receives the enciphered challenge message, deciphers 
at to form the challenge message ( FIG. 2A, and proceeds to 
shuffle it. FIG. 2C shows the structure of the shuffled 
challenge message. In one specific embodiment, it is 
obtained by exchanging the. first and second halves of the 
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challenge. In other embodiments, other shuffling operations 
can be used; any shuffling operation that rearranges the 
contents in the challenge is sufficient. The shuffled 
challenge message is also enciphered, as shown in FIG. 2D 
into an eight-byte message. The shuffled challenge message 
is the message which is sent by the software regulation 
device 1 over cable 4 to the host computer 3. This message 
is the response message, and is enciphered under the same 
key that was used to encipher the challenge. 

in the illustrative embodiment, the challenge and 
response messages are enciphered using the" well-known Data 
Encryption Standard (DES) as described in Federal 
Information Processing Standards Publication 46, National 
Bureau of Standards, U. S. Department of Commerce, January 
15, 1977. This enciphering method applies an eight-byte key 
to an eight-byte source message to produce an eight-byte 
enciphered message. Thus, the messages depicted in FIGs. 2A 
through 2D are described as being eight bytes long. If 
other encryption standards or mechanisms are used, the 
lengths of the messages may be adjusted accordingly. 
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Th. remaining three Figuresi riGs - ^ ^ 
*..=.ib. the specific operations that pec£ocMd ' 
checkpoint routine in ae sotl , ate pro3ram 2 Md 
software regulation device 1. with reference to P IG 3 
that „„. depicts the operations perform by the software 
program 2 in connection with a direct checkpoint routine. 
«« routme makes a predetermined number of attempts to 

perform a checkpoint protocol n,** • 

V P Coco1 ' that is, to generate a 

challenge message for trane.j 

and rec- '"--"..on to the software program 2 

recede an appropriate response. I£ „„ e or moce 
attempts fail, execution of the software program , a? 
continue. hut if . predetermined number of attempts fail 
the routine assumes that unauthorised use is in process 'and 
ta.es appropriate action, which may i„ clu d e termination of 
the software program 2. 

The checkpoint routine begins by setting a trial 
counter to an appropriate value (s tep This value " 

determines how many attempts win be made to perform a 
successful checkpoint protoco!. T he choice of this value 
depends on circumstances which need not be directiy related 
to software regulation, such as the possibility that the 



^DOCID <WQ__8805941A1 ! > 



WO 88/05941 



PCT/US88/00271 



-15- 

serial port may also be connected to some other peripheral 
device, which may result in message errors. 



Next the routine sends an unenciphered message to the 
software regulation device 1 (step 24) that includes an 
operation code field and a product number field. In the 
direct checkpoint routine, the contents of the operation 
code identify the direct checkpoint operation. The 
operation code for the direct checkpoint operation is the 
same for every direct checkpoint protocol. The product 
number identifies a particular software program, which will 
be different for different protected software programs but 
the same for every copy of a particular software program. 
In the illustrative embodiment, the operation code is one 
byte and the product number is four bytes. 



The direct checkpoint routine then waits for the 
software regulation device 11 to send a ready message (step 
27), which is an unenciphered message comprising a code that 
indicates that the software regulation device 1 is ready to 
continue and that it recognizes the product number. In the 
illustrative embodiment, the ready message is one byte long. 
If the ready message does not arrive within a specified 
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tiw, or if some other nessage is receive{Jf ^ checkpoinfc 
. protocol fails and the routine goes to step 26. 

When the ready message is received, the routine 
generates a challenge message (see FIG . 2A) and enciphers it 
to produce the enciphered challenge message 13 (see FIG. 2B) 
(step 28). The challenge is enciphered under a product key 
that is different for different protected software programs / 
but is the same for every copy of a given program. The 
routine then sends the enciphered challenge message 13 to 
the software regulation device 11 through the serial port of 
the host computer 3 (step 29) . 

The routine then shuffles the challenge (as described 
above in the discussion of riG. 2C, and uses the product key 
to produce the enciphered shuffled challenge „s described 
above in the- discussion of FIG. (st ep 30,. The result 

« the expected response to the challenge, and the routine 
saves the result for use <as described below in connection 
with step 32,. The routine then waits for a response fro* 
the software regulation device 11 (step 31). If the 
response does not arrive within a specified amount of time 
after the enciphered challenge message was transmitted to 
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the software regulation device, the checkpoint protocol 
fails and the routine goes to step 26. 

If the response message arrives, the routine compares 
it to the enciphered shuffled challenge which was computed 
in step 30 with the response (step 32), If they are the 
same, the checkpoint succeeds; otherwise, the checkpoint 
protocol fails, and the routine goes to step 26. .If the 
checkpoint succeeds, the routine is complete and execution 
of the software program continues (step 33). 

If the checkpoint protocol fails in any of steps 27, 31 
or 32, the routine delays for a time that lets the software 
regulation device 1 reach its initial state (step 26). Then 
the routine decreases the trial count by one (step 23) and 
compares it to zero (step 22). If the trial count is zero, 
the checkpoint has failed, and the routine assumes that use 
of the software program is unauthorized and takes 
appropriate action (step 25). If the trial count is not 
zero, the routine sequences to step 24, where it starts a 
new checkpoint protocol. 
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FIG. 4 depicts the operations performed by an i nd i r ec t 
checkpoint routine. This checkpoint is si-iler to that for 
a direct checkpoint ,r IG . 3,. hut differs in three respects 
•11 relating tc the fact that the indirect checkpoint 
routine transits a deciphers, key which is used by" the " 
software reflation device 1 to decipher the enciphered - 
challenge ne ssage. The software regulation device a uses a 
deciphering key identified by the product number initially ' 
transmitted by the indirect checkpoint routine , in step 44, 
to decipher the deciphering key. A software program 2 n»y 
have several checkpoint routines, and each indirect 
checkpoint routine has its own key. The operation code 
" tranS " itted *» ".P 24 <„„. 3) of the direct checkpoint 
routine ,and step 44 of the indirect checkpoint routine, 
identifies whether the routine is a direct checkpoint 
routine or an indirect checkpoint routine. 

With reference to 4, the first difference between 

the direct checkpoint routine and the indirect checkpoint 
routine is i„ step which foUows step 47. step 47 is 

equivalent to step 27 in the direct checkpoint routine 
depicted in FIG. 3. Following step 47 if th . r J 

y step «/, lf the ready message 

is received fro. the software- regulation device, the 
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indirect checkpoint routine sends an enciphered checkpoint 
key to the software regulation device 1 (step 48). That 
checkpoint key is enciphered under the product 'key. 
Although each protected software program has just one 
product key, a product that uses indirect checkpoints has a 
checkpoint key for each checkpoint. 

The second difference is in step 50, which corresponds 
to step 28 f in which the enciphered challenge message is 
generated. In step 50, the routine uses the checkpoint key 
which was transmitted (in enciphered form) in step 48 to 
encipher the challenge message, rather than the product key 
which is used to encipher the challenge message in step 28 
of the direct checkpoint routine. 

The third difference between the direct checkpoint 
routine and the indirect checkpoint routine is in step 52, 
which corresponds to step 30 in the direct checkpoint 
routine. In the indirect checkpoint routine the checkpoint 
key is used rather than the product key to encipher the 
shuffled challenge. 
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AUhough the indirect chectpoint routine senas a 
Of the checkpoint key enciphered ^ ier ^ ^ ^ 

does not have to perform that enciphering. Instead . the 
enciphered checkpoint key is stored ,s part of the routine 
therefore the product ke y is not present in the protected 
software program. This is an important advantage of the 
indirect checkpoint ,„«. 4) over the flirect checkpoint 

<««• 3,. Khen indirect checkpoint routines are used, an 

opponent must find everv c herVn ni „^ 

ery checkpoint routine, in the program 

in order to obtain the ke y s (that is, the checkpoint keys, 
that are necessary to construct a counterfeit software 
regulation device. On the other hand, when a direct 
checkpoint is used, the opponent need only find one 
checkpoint in order to find the necessary key ,the product 
*e y , to he ahle to produce a counterfeit software reflation 
device 1. It wm be appreciatea that m so£CMre fi 2 

may include any combination of direct and indirect 
checkpoint routines. 

«G. 5 depicts a f!o„ chart detailing the operations 
performed by the software regulation device 1. This routine 
responds to enciphered messages from both a direct 
checkpoint routine and an indirect checkpoint, routine. 
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In its initial state, the software regulation device 1 
is waiting for a message from a checkpoint routine 
comprising an operation code and a product number (step 60). 
When the appropriate message is received, the routine 
compares the product registration number in the message with 
product registrations that it maintains (step 61). If the.,,, 
software regulation device 1 contains a product registration 
whose product number is identical to the received product 
number, the device selects that registration and proceeds to 
step 62; otherwise, it sequences back to step 60. 

In step 62, the routine examines the operation code 
sent by the host (step 62) to determine whether the 
checkpoint routine run by the software program 2 (FIG. 1) is 
a direct checkpoint routine (FIG. 3), an indirect checkpoint 
routine (FIG. 4), or another operation. If the operation 
code specifies a direct checkpoint, the software regulation 
device 1 sequences to 64. In step 64, the software 
regulation device 1 selects as its encryption key the 
product key associated with the product registration from 
the message, after which it sequences to step 67. 
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On the other hand, if the operation code specifies an 
indirect checkpoint, the software regulation device 1 
sequences to 65. if the software regulafcion device ± ^ 
not receive the message containing th. enciphered checkpoint 
key within a predetermined amount of time, it returns to 
step 60. if the message is properly received, the software 
regulation device 1 uses the product key corresponding to 
the product identification sent with the operation code to 
decipher the checkpoint key (step 66). The deciphered 
checkpoint key is the key that is used to decipher the 
enciphered challenge message. 

Following either step 64 or step 66, the software 
regulation device 1 sequences to step 67, i„ which it waits 
for the enciphered challenge message. if that message is 
not received within a predetermined time, the software 
regulation device 1 returns to step 60. if the mesS age is 
properly received, the software regulation device 1 
deciphers the enciphered challenge message using the key 
selected in step 64 or step 66, shuffles it and enciphers 
the result- (step 68). The resulting message is then sent 
back to the host computer 3 over cable 4 (step 68). 
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The operation code received in step 62 may also specify 
other operations not specified herein. If it does, the 
software regulation device 1 sequences to step 63 to perform 
the operation, after which it returns to step 60. 

As mentioned above, in one embodiment of the invention, 
the challenge messages include random or pseudo-random 
numbers. It will be appreciated that the numbers need not 
be truly, random. It is desirable, however, that they 
comprise a sequence which is not repeated in patterns which 
could be detected by analysis of the sequence within a 
reasonable amount of time. In the illustrative embodiment, 
more than four billion different numbers are possible in the 
four-byte random number field, and so it is preferable that 
the numbers that are generated for the random number field 
be a significant portion of the set of numbers that are 
available. Indeed, a sequence of integers from zero up to 
four billion is a suitable sequence for use with the 
invention. 

Furthermore, it will be appreciated by one skilled in 
the art that, the software program 2, instead of generating 
an enciphered shuffled challenge message, after sending the 
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enciphered chaise m essa ge , £ot co „ pariso „ ^ ^ 
»« S a g . received tm the so£t „ are 

«ep S 30, pig. 3, and 52, fig 4) Mv 

ma y' after receiving the 
encphered snuffled challenge aess. g e from the soft „ are 

relation device, decipher that *essa 9 e and un-shuffle it 
-d compare the result to the 0 ri g i nal challen g e „essaoe ~ 

That would, hovevpr . 

however, delay verification of the success of 

the checkpoint, since that must be done . fter r ■ 

ne af ter receipt of the 

enciphered shuffled ^h=,n 

huffled challenge message from the software 

regulation device 1 „ 

m addition, while the software reflation svste- has 
been described as including a software reflation device ! 
separate and distinct fro- the host colter, it „i U be 
appreciated that the ..^ ^ 

of the host computet, as lon g as the chec k poi„t routines 

depicted in FlGs 3 a 

° 3 «nd 4 can properly communicate with the 
software regulation device 1. The use 

■ine use of an external 

software relation device facilitates porta b iUt y of the 
aut o rity to operate reguiatefl nt ^ n 

*° colter to another, since the externa! device 1 can he 
easiiy removed fro, one host colter and attached to 

another. .... 
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It will further be appreciated that an opponent who 
wishes to make unauthorized use of a protected software 



attempt to remove all checkpoint routines from the protected 
software program, in which case the software regulation 
device 1 cannot prevent unauthorized use of the resulting 
program. Second, he can attempt to manufacture a 
counterfeit software regulation device. This invention 
complicates these efforts for the following reasons. 

First, a direct checkpoint protocol uses a very large 
number of challenge and response message pairs (more than 
four billion in the illustrative embodiment). By using a 
large random number in forming the challenge message, the 
messages are not repeated in short, readily discernible 
sequences. Thus an opponent cannot construct a counterfeit 
software regulation device 1 that contains a complete table 
of challenge-response pairs. 

Second, a direct checkpoint protocol enciphers both the 
challenge message from the software program 2 and the 
response message from the software regulation device 1. The 



program can undermine the system in two ways. First, 



he can 
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messa 9 es are enciphered under a key, the product key, that 
» unioue to each protected software pro 9 ram. ThU s, ulthout 
tn °" l!d5e ° f the ■» =PPone„t cannot build 

device that generates the enciphered response from the 
enci h challenge< _ though the reiationsMp between 

tne challenge messages and the roc™ 

y the response messages may be 

known. 

Furthermore, the invention does not depend on trade 
secrets. The only thin, that must he kept secret is the 
Product key, which can be different for each protected 
software pro 9 ra». Attempts to obtain the product key are 
discouraged by keeping the kev =. 

P 9 he key ln a »emory that is "locked" 
by the physical and logical integrity of the mi., 

y y or zne microcomputer 6 

m the software rem.i ^ 

aic regulation device l rpu,^ 

ice x - Thu s an opponent 

cannot obtain the product key by e*ami„in 9 the software 

regulation device. 

The use of indirect checkpoints rather than direct 
checkpoints provides further security. „ indirect 
checkpoints are used, the product key is not present 
adhere in the software prc 9 ra». In order to make a 
counterfeit software r. 9 „ lati on device, an opponent would 
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have to find and remove every indirect checkpoint routine in 
a protected software program. 

The foregoing description has been limited to a 
specific embodiment of this invention- It will be apparent, 
however, that variations and modifications may be made to 
the invention, with the attainment of some or all of the 
advantages of the invention. Therefore, it is the object of 
the appended claims to cover all such variations and 
modifications as come within the true spirit and scope of 
the invention. 

What is claimed as new and desired to be secured by 
Letters Patent of the United States is: 
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1- * software regulation system £or regulating use 
software program operate lD . nost computer _ ^ 

ZZT inClUdi " 5 • eh " ! ^-V-"». - «» host computer 
mcludmg a software regulation device; 

A. said checkpoint routine including- 

I. checkpoint message generation means for generating a 
checkpoznt message; 

ti. checkpoint message transmission means connected to 
sa,d message generation means for enabling checkpoint 

messages generated bv said 

oy said message generation means to be 

transmitted bv sain 

&y saxd host computer to said software 

regulation device? 

iii. response messaoe reroii,<n„ 

sage receiving means connected to said 

-ssage transmission means for receiving response messages 
generated by said software regulation device following 
transmission of a checkpoint message; and 

IV. correspondence means connected to said message 
generation means and said message receiving means for 
determining the correspondence between said checkpoint 
-ssage and said received response message, said 
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cor respondence means controlling the operation of said 
software program in response to that determination; 
B. said software regulation device comprising: 

i. checkpoint message receiving means for receiving from 
said checkpoint routine said checkpoint message; 

ii. response message processing means connected to said 
checkpoint message receiving means for processing said . . 
received checkpoint message received by said checkpoint 
message receiving means to generate a response message 
therefrom; and 

iii. response message transmitting means connected to 
said response message processing means for transmitting said 
response message generated by said response message 
processing means to said checkpoint routine. 
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